FL: Agency for Community Treatment Services, Inc. Notification of Ransomware Attack
TAMPA, Fla., Dec. 24, 2020 /PRNewswire/ — The Agency for Community Treatment Services, Inc. (“ACTS”) announced today that it has taken action after learning of a data security incident which may have compromised the personal information and/or protected health information of patients who received care from ACTS from 2000 through 2013. ACTS began providing notice to all potentially impacted individuals on December 22, 2020.
What Happened? On October 23, 2020, ACTS became aware of a data security incident, including ransomware, that impacted portions of its server and data infrastructure. ACTS immediately took its systems offline and undertook efforts to restore its servers with additional high-level security mechanisms and monitoring. ACTS thereafter retained a professional forensic investigation firm to determine the nature of the security compromise and identify any individuals whose personal information and/or protected health information may have been compromised.
What Information Was Involved? The forensic investigation was unable to identify any specific individuals whose personal information and/or protected health information may have been compromised due to the complexity of the event and efforts undertaken by the perpetrators to conceal their actions. The forensic investigation did determine that first access to ACTS’ systems occurred on approximately October 21, 2020, with the ransomware launched on October 23, 2020. The data security incident may have resulted in unauthorized access to or acquisition of personal information, including names, date of birth, and Social Security numbers, as well as protected health information, including medical records, treatment information, health insurance information in connection with the provision of treatment services at ACTS from 2000 through 2013.
What Is ACTS Doing? As stated above, following the data security incident, ACTS immediately undertook efforts to restore its servers with additional high-level security mechanisms and monitoring. Backups and other information maintained by ACTS were used to enable near seamless restoration of security and services. ACTS has retained a forensic investigation firm to thoroughly investigate the incident. ACTS has also offered the impacted individuals access to complimentary credit monitoring and identity theft protection services as an added precaution and to mitigate risk. Please be advised that ACTS is continuing to work closely with leading security experts to identify and implement measures to further strengthen the security of their systems and prevent this from happening in the future.
What Patients Can Do ACTS is aware of how important personal information and protected health information is to patients and their loved ones. ACTS began mailing notification letters on December 22, 2020 to the potentially impacted patients for whom ACTS had valid mailing addresses. Please note that it is entirely possible that a patient’s personal information and/or protected health information may not have been compromised as a result of the incident, particularly as ACTS believes that the information was extremely difficult to access given the security controls in place. Nonetheless, ACTS is providing notification of the incident in an abundance of caution. If an individual does not receive a letter, but would like to know if he or she was potentially impacted by this incident, or if an individual has any questions or would like additional information, they may call ACTS’ dedicated assistance line at (800) 242-9418 between the hours of 9:00 a.m. to 9:00 p.m. EST, Monday through Friday.
SOURCE Agency for Community Treatment Services, Inc.